/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package ContentManagers.RoleManagers;

import ContentManagers.Security.Authenticator;
import ContentManagers.Security.Hasher;
import DBConnection.ConnectionFactory;
import java.io.*;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
 *
 * @author Martin San Diego
 */
public class CustomerSessionManager{
    
    public String createCustomerSession(String username, String ipAddr)
    { String sessionID[] = new String[2];
      
        sessionID = Hasher.generateHashedSession(username+ipAddr);
        
        
        boolean result = false;
        
        try {
            ConnectionFactory myFactory = ConnectionFactory.getFactory("customer");
            Connection conn = myFactory.getConnection();
          
            int i = 1;

            PreparedStatement pstmt = conn.prepareStatement("INSERT into customer_sessions (username, sourceIP, salt, sessionId) VALUES(?,?,?,?)");
            pstmt.setString(i++, username);
            pstmt.setString(i++, ipAddr);
            pstmt.setString(i++, sessionID[1]);
            pstmt.setString(i++, sessionID[0]);
            
            pstmt.executeUpdate();
            
            conn.close();
            
       }  catch (SQLException ex) {
            ex.printStackTrace();
        }
        
        
        
      return sessionID[0];
    }
    
    public boolean deleteCustomerSession(String username)
    {
        boolean done = false;
        
        try {
            ConnectionFactory myFactory = ConnectionFactory.getFactory("customer");
            Connection conn = myFactory.getConnection();
          
           int i = 1;
            
           
            //SQL Query
            PreparedStatement pstmt = conn.prepareStatement("DELETE from customer_sessions where username = ?");
            
            pstmt.setString(i++, username);
            
             //execute query
            pstmt.executeUpdate();
            
            conn.close();
            
       }  catch (SQLException ex) {
            ex.printStackTrace();
        }
        
        return done = true;
    }
    
   public boolean checkSession(String username, String currentIP, String currentSessionID)
   {
       boolean indb = false;
       
       try {
            ConnectionFactory myFactory = ConnectionFactory.getFactory("customer");
            Connection conn = myFactory.getConnection();
          
            int i = 1;

            PreparedStatement pstmt = conn.prepareStatement("SELECT * FROM customer_sessions where username = ?");
            pstmt.setString(i++, username);
            
            ResultSet rs = pstmt.executeQuery();

            while (rs.next()) {
                
                if(Authenticator.CompareHash(username+currentIP, currentSessionID, rs.getString("salt")) == true)
                indb = true;
                
               }
            conn.close();
            
            }  catch (SQLException ex) {
            ex.printStackTrace();
            }
       
       return indb;
   }
       
}
